From 8906cbe3a8650e905cc82b279759aec26af314f3 Mon Sep 17 00:00:00 2001
From: Keldaan <keldaan.ag@gmail.com>
Date: Wed, 3 Apr 2024 12:41:57 +0200
Subject: [PATCH] fix regexp cve (#1622)

---
 app/rooms/commands/lobby-commands.ts | 2 +-
 app/types/index.ts                   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/rooms/commands/lobby-commands.ts b/app/rooms/commands/lobby-commands.ts
index 6dd51a2fcb..c09898a383 100644
--- a/app/rooms/commands/lobby-commands.ts
+++ b/app/rooms/commands/lobby-commands.ts
@@ -380,8 +380,8 @@ export class OpenBoosterCommand extends Command<
 
 function pickRandomPokemonBooster(guarantedUnique: boolean): PkmWithConfig {
   let pkm = Pkm.MAGIKARP,
-    shiny = chance(0.03),
     emotion = Emotion.NORMAL
+  const shiny = chance(0.03)
   const rarities = Object.keys(Rarity) as Rarity[]
   const seed = Math.random() * sum(Object.values(BoosterRarityProbability))
   let threshold = 0
diff --git a/app/types/index.ts b/app/types/index.ts
index 9b40e2aa65..c4a165aa66 100644
--- a/app/types/index.ts
+++ b/app/types/index.ts
@@ -43,8 +43,8 @@ export const CDN_PORTRAIT_URL =
 export const CDN_URL =
   "https://raw.githubusercontent.com/keldaanCommunity/SpriteCollab/master"
 
-export const USERNAME_REGEXP =
-  /^(?=.{4,20}$)(?:[\u0021-\uFFFF]+(?:(?:\.|-|_)[\u0021-\uFFFF])*)+$/
+// eslint-disable-next-line no-useless-escape
+export const USERNAME_REGEXP = /^[a-zA-Z0-9\._\-]{2,20}[^.-]$/
 
 export type NonFunctionPropNames<T> = {
   // eslint-disable-next-line @typescript-eslint/ban-types